HTTP_PORTS: "80"
SHELLCODE_PORTS: "!80"
ORACLE_PORTS: 1521
- SSH_PORTS: 22
+ SSH_PORTS: "[22,222]"
DNP3_PORTS: 20000
MODBUS_PORTS: 502
FILE_DATA_PORTS: "[$HTTP_PORTS,110,143]"
nfq:
mode: repeat
- repeat-mark: 2
- repeat-mask: 2
+ repeat-mark: 16
+ repeat-mask: 16
# bypass-mark: 1
# bypass-mask: 1
# route-queue: 2
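Review bot: The new `repeat-mark: 16` / `repeat-mask: 16` values have no comment tying them to the firewall side, and in `mode: repeat` the NFQUEUE rule has to skip packets that already carry exactly this mark and mask. The packet-filter rules are not visible in this diff; if they still test the old value 2, re-injected packets would presumably be queued again instead of passing on. I would add a comment above the two keys such as `# must equal the mark/mask the NFQUEUE firewall rule skips; this bit must not be set by any other marking rule`. The `nfq:` block appears to continue outside the lines shown.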
tls:
enabled: yes
detection-ports:
- dp: 443
+ dp: "[443,444,465,993,995]"
# Completely stop processing TLS/SSL session after the handshake
# completed. If bypass is enabled this will also trigger flow
content-inspect-min-size: 32768
content-inspect-window: 4096
imap:
- enabled: detection-only
+ enabled: yes
msn:
- enabled: detection-only
+ enabled: yes
smb:
enabled: yes
detection-ports:
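Review bot: `enabled: yes` on `imap` (and likewise on `msn` just below) reads as if these protocols are now parsed, whereas `detection-only` stated the coverage explicitly. As far as I know, engines of this generation ship only pattern-based protocol detection for both, so the change would add no inspection depth while hiding that gap from whoever audits this file. Either keep `detection-only`, or add a comment such as `# protocol detection only, no application-layer parser in this build`. This should be confirmed against the Suricata version the config is packaged with.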
tcp:
enabled: yes
detection-ports:
- dp: 53
+ dp: "[53,853]"
udp:
enabled: yes
detection-ports:
- dp: 53
+ dp: "[53,853]"
http:
enabled: yes
# memcap: 64mb
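Review bot: Adding 853 to the DNS `dp` list under `tcp` (and the same change under `udp`) points the plaintext DNS parser at a port that normally carries DNS-over-TLS, which it cannot decode. At best the probe fails on every such flow; at worst encrypted payload is misclassified as malformed DNS. For TCP the port would fit better in the TLS `detection-ports`, which this commit extends to `"[443,444,465,993,995]"` without 853. Unless cleartext DNS on 853 is expected in this deployment, I would keep `dp: 53` in both DNS blocks and use `dp: "[443,444,465,853,993,995]"` under `tls`.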
filename: pcaplog_stats.log
append: yes
-##
-## Hardware accelaration
-##
-
-# Cuda configuration.
-cuda:
- # The "mpm" profile. On not specifying any of these parameters, the engine's
- # internal default values are used, which are same as the ones specified in
- # in the default conf file.
- mpm:
- # The minimum length required to buffer data to the gpu.
- # Anything below this is MPM'ed on the CPU.
- # Can be specified in kb, mb, gb. Just a number indicates it's in bytes.
- # A value of 0 indicates there's no limit.
- data-buffer-size-min-limit: 0
- # The maximum length for data that we would buffer to the gpu.
- # Anything over this is MPM'ed on the CPU.
- # Can be specified in kb, mb, gb. Just a number indicates it's in bytes.
- data-buffer-size-max-limit: 1500
- # The ring buffer size used by the CudaBuffer API to buffer data.
- cudabuffer-buffer-size: 500mb
- # The max chunk size that can be sent to the gpu in a single go.
- gpu-transfer-size: 50mb
- # The timeout limit for batching of packets in microseconds.
- batching-timeout: 2000
- # The device to use for the mpm. Currently we don't support load balancing
- # on multiple gpus. In case you have multiple devices on your system, you
- # can specify the device to use, using this conf. By default we hold 0, to
- # specify the first device cuda sees. To find out device-id associated with
- # the card(s) on the system run "suricata --list-cuda-cards".
- device-id: 0
- # No of Cuda streams used for asynchronous processing. All values > 0 are valid.
- # For this option you need a device with Compute Capability > 1.0.
- cuda-streams: 2
-
##
## Include other configs
##